CoaP Seminar (21/11/2022)
As part of our series La Cybersécurité sur un plateau (Cybersecurity on a Plate), we will have the following seminars:
- Aina Toky Rasoamanana, PhD candidate at Télécom SudParis, who will present his work on state machine inference of TLS protocol implementations.
- Mohamad Mansouri, PhD (CIFRE) candidate at EURECOM / Thales, who will present his work on secure and fault-tolerant aggregation for federated learning.
The talks will take place at 2 p.m. at the IMT/TP/TSP building (room 3.A405).
Aina Toky Rasoamanana - Towards a Systematic and Automatic Use of State Machine Inference to Uncover Security Flaws and Fingerprint TLS Stacks
TLS is a well-known and thoroughly studied security protocol. In this paper, we focus on a specific class of vulnerabilities affecting TLS implementations, state machine errors. These vulnerabilities are caused by differences in interpreting the standard and correspond to deviations from the specifications, e.g. accepting invalid messages, or accepting valid messages out of sequence. We develop a systematic methodology to infer the state machines of major TLS stacks from stimuli and observations, and to study their evolution across revisions. We use the L* algorithm to compute state machines corresponding to different execution scenarios. We reproduce several known vulnerabilities (denial of service, authentication bypasses), and uncover new ones. We also show that state machine inference is efficient and practical for integration within a continuous integration pipeline, to help find new vulnerabilities or deviations introduced during development.
With our systematic black-box approach, we study over 400 different versions of server and client implementations in various scenarios (protocol version, options). Using the resulting state machines, we propose a robust algorithm to fingerprint TLS stacks. To the best of our knowledge, this is the first application of this approach on such a broad perimeter, in terms of number of TLS stacks, revisions, or execution scenarios studied.
This work has been published at ESORICS 2022.
Mohamad Mansouri - Learning from Failures: Secure and Fault-Tolerant Secure Aggregation for Federated Learning
Federated learning allows multiple parties to collaboratively train a global machine learning (ML) model without sharing their private datasets. To make sure that these local datasets are not leaked, existing works propose to rely on a secure aggregation scheme that allows parties to encrypt their model updates before sending them to the central server that aggregates the encrypted inputs.
In this work, we design and evaluate a new secure and fault-tolerant aggregation scheme for federated learning that is robust against client failures. We first develop a threshold variant of the secure aggregation scheme proposed by Joye and Libert. Using this new building block together with a dedicated decentralized key management scheme and an input encoding solution, we design a privacy-preserving federated learning protocol that, when executed among n clients, can recover from up to n/3 failures. Our solution is secure against a malicious aggregator who can manipulate messages to learn clients' individual inputs. We show that our solution outperforms the state-of-the-art fault-tolerant secure aggregation schemes in terms of computation cost on the client. For example, with an ML model of 100K parameters, trained with 600 clients, our protocol is 5.5x faster (1.6x faster when 180 clients drop).
This work will appear in ACSAC’22.
LINCS seminar (26/10/2022)
As part of our collaboration with LINCS, on Wednesday, October 26th, we will have the following seminar (Palaiseau, room 4A467, 3 p.m.):
- Michel Barbeau - Work Memory Requirements in Error Susceptible Quantum Networks
Abstract: We consider the problem of path congestion avoidance in networks of quantum repeaters and terminals. In other words, the avoidance of situations when demands exceed capacity. We assume networks in which the sets of complete paths between terminals may affect the capacity of repeaters in the network. We compare the reduction of congestion avoidance of path establishment algorithms: shortest-path establishment vs. layer-peeling path establishment. We observe that both strategies provide an equivalent entanglement rate, while the layer-peeling establishment algorithm considerably reduces the congestion in the network of repeaters. Repeaters in the inner layers get less congested and require a lower number of qubits while providing a similar entanglement rate.
Short Bio: Michel Barbeau. Professor and Director. School of Computer Science. Carleton University, Ottawa, Canada
[Recording]
Students seminar (11/10/2022)
The seminar will take place at 1.30 p.m. at the IMT/TP/TSP building (room Amphi 5). It will be followed by a cocktail at the Entrepôtes 19 (6.30 pm).
Agenda
- 1.30 p.m.: Welcome Coffee
- 2 p.m.: Grégory Blanc, Christophe Kiennert, Olivier Levillain - Opening
- 2.15 p.m.: Constance Chou (Thales) - Web Application Firewall: Challenges, Operation and Study
- 2.45 p.m.: Martin Spiering, Matthieu Touloucanon, Quentin Michaud (HackademINT) - 404 CTF
- 3.15 p.m.: Ministère de l'Intérieur - Encrypted Traffic Analysis in the Enterprise for Security Incident Detection
- 3.45 p.m.: Break
- 4.30 p.m.: Amré Abouali (Cybershen) - Former RSSI & Entrepreneur
- 5 p.m.: Olivier Levillain (TSP) - Influence of Specification Quality on Software Security
- 5.30 p.m.: Rump Session
- 6.30 p.m.: Cocktail at the Entrepôtes 19.
Rump Session
- Constance Chou - V-Model Development and IVVQ
- Rémi Di Valentin and Yadi Huang - Thales Cyber IVVQ Offers
- Ministère de l'Intérieur - Presentation of an internship offer for developing a security tool for file processing
- Grégory Blanc and Olivier Levillain - CoaP Seminar (Cybersecurity on a Plate / la cybersécurité sur un plateau)
- Florian Martin - BlueTeam vs SMB
- Romain Cherré - Filtering and DNS: RPZ and XDP
- Mathieu Degré - Introduction to Euclidean Lattices
Grégoire Menguy (4/10/2022)
We welcome Grégoire Menguy, a former Télécom SudParis student, currently doing a thesis at the CEA. His talk will take place at 2 p.m. in the IMT/TP/TSP building (room 3.A405).
Search-Based Local Blackbox Deobfuscation: Understand, Improve and Mitigate
Code obfuscation aims at protecting Intellectual Property and other secrets embedded into software from being retrieved. Recent works leverage advances in artificial intelligence (AI) with the hope of getting blackbox deobfuscators completely immune to standard (whitebox) protection mechanisms. While promising, this new field of AI-based, and more specifically search-based blackbox deobfuscation, is still in its infancy. In this work, we deepen the state of search-based blackbox deobfuscation in three key directions: understand the current state-of-the-art, improve over it and design dedicated protection mechanisms. In particular, we define a novel generic framework for search-based blackbox deobfuscation encompassing prior work and highlighting key components; we are the first to point out that the search space underlying code deobfuscation is too unstable for simulation-based methods (e.g., Monte Carlo Tree Search used in prior work) and advocate the use of robust methods such as S-metaheuristics; we propose the new optimized search-based blackbox deobfuscator Xyntia, which significantly outperforms prior work in terms of success rate (especially with a small time budget) while being completely immune to the most recent anti-analysis code obfuscation methods; and finally we propose two novel protections against search-based blackbox deobfuscation, making it possible to counter Xyntia's powerful attacks.
This work has been published at CCS 2021. [Slides]